By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

He is responsible for creating angr, a Python framework for analysing binaries that is used by the US Department of Defence to scan IoT devices before it introduces them to its networks.

In slightly more depth, angr combines both static and dynamic symbolic (‘concolic’) analysis, making it applicable to a variety of tasks.

NOTE:Concolic testing (aportmanteau of concrete and symbolic) is a hybridsoftware verification technique that performssymbolic execution, a classical technique that treats program variables as symbolic variables.

The Computer Weekly Developer Network gained access to Vigna to discuss the mechanics of angr and find out more about how software application development professionals should regard this technology.

CWDN: What is angr & who is it for?

Vigna: Well, angr is a highly modular Python framework that performs binary analysis using VEX as an intermediate representation. The name ‘angr’ is a pun onVEX, since when something is vexing, it makes you angry. It is made of many interlocking parts to provide useful abstractions for analysis. Under the hood, pretty much every primitive operation that angr does is a call into SimuVEX to execute some code.

All IoT firmware is binary and only vendors have the source code. But often, IoT vendors don’t share source code, so security teams are left to find their own way to analyse the binary code. That means that, if you want to analyse IoT devices for vulnerabilities, then you need good binary analysis tools.

CWDN: Why did you create angr?

Vigna: The researchers at the University of California Santa Barbara Security Lab (which I am a part of) were interested in finding bugs in software, in publishing papers about finding bugs in software and wanted there to be a reasonable system for performing static analysis and symbolic execution on binary code.

On a more practical level, for organisations buying connected devices, security has risen to the top of the agenda. With the creation of angr, those buying pieces of firmware/software can now independently analyse it first without getting source code (as mentioned above, vendors don’t traditionally hand that over). This can go a long way to avoid another Mirai-botnet scenario.

CWDN: What is different about angr?

Vigna: There are other binary analysis tools, including Binary Analysis Platform (BAP), Reverse Engineering Intermediate Language (REIL), VEX, TCG – TinyCode that do elements of what angr does, but they don’t consolidate it all in one place and are not as widely or as easily used.

The proof is in the pudding – Cisco, Huawei, universities, researchers and even government research labs are using it. As a more specific example, the DoD uses it to analyse the hardware that it buys.

CWDN: Who can use (& get) angr?

Vigna: Thanks for asking, angr is an open source solution and can be found atanger.io. In over 20 years of researching and developing security technology, it has become clear to me that for research to have the most real-world impact, it must be given away, with no strings attached. This helps the technology to drive innovation, and means that there is less resistance to adopting it. Ultimately, I think it helps to make software better. Plus, as it is University owned property, it doesn’t need to make money.

Creator of angr Giovanni Vigna: looks quite chilled out actually

Join the conversation

1 comment

Send me notifications when other members comment.

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy